Firefox 97 0-day Audit

Find Firefox Installations Vulnerable to Actively Exploited 0-day

Mozilla has released Firefox version 97.0.2 just days before the upcoming Firefox 98 release. The reason for this out-of-band update is two zero-day vulnerabilities, CVE-2022-26485 and CVE-2022-26486:

  • CVE-2022-26485 - Removing an XSLT parameter during processing could lead to an exploitable use-after-free
  • CVE-2022-26486 - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape

For both vulnerabilities, Mozilla states: "We have had reports of attacks in the wild abusing this flaw." Aside from the regular desktop release, all other related Mozilla products have also been updated, including Firefox ESR, which has been updated to version 91.6.1. To find which machines still need to update their Mozilla Firefox version, use the color-coded audit below. It shows exactly which machines have updated and which ones still need an update, so you can bring all of your machines to an up-to-date Firefox installation.

Firefox 97.0.2 and Firefox ESR 91.6.1 Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
Case
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 97 Then
'Up to date'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 97 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 2 Then
'Up to date'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) > 97 Then
'Up to date'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 97 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 0 Then
'Up to date'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 97 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 0 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 2 Then
'Up to date'
When tblSoftwareUni.softwareName Like '%firefox%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) > 91 Then
'Up to date'
When tblSoftwareUni.softwareName Like '%firefox%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 91 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 6 Then
'Up to date'
When tblSoftwareUni.softwareName Like '%firefox%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 91 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 6 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 1 Then
'Up to date'
Else 'Out of date'
End As [Patch Status],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblErrors.ErrorText Is Not Null And
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftware.Lastchanged,
Case
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 97 Then
'#d4f4be'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 1 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 97 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 2 Then
'#d4f4be'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) > 97 Then
'#d4f4be'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 97 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 0 Then
'#d4f4be'
When
Len(tblSoftware.softwareVersion) -
Len(Replace(tblSoftware.softwareVersion, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%firefox%' And
tblSoftwareUni.softwareName Not Like '%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 97 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 0 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 2 Then
'#d4f4be'
When tblSoftwareUni.softwareName Like '%firefox%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) > 91 Then
'#d4f4be'
When tblSoftwareUni.softwareName Like '%firefox%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 91 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 6 Then
'#d4f4be'
When tblSoftwareUni.softwareName Like '%firefox%esr%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 91 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 6 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 1 Then
'#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblSoftwareUni.softwareName Like '%Mozilla%firefox%' And
tblState.Statename = 'Active'
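
The patch-status rule from the query's Case expression, as an added Python example for cross-checking exported report rows offline (it is not part of the original Lansweeper report). The asset names and sample rows are constructed, and the function names are hypothetical; it goes slightly beyond the SQL by accepting two-part ESR versions and by flagging non-numeric version strings instead of casting them.

```python
import re

# Fixed versions named on the page: Firefox 97.0.2 and Firefox ESR 91.6.1.
FIXED = {"release": (97, 0, 2), "esr": (91, 6, 1)}


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a purely
    numeric two- or three-part dotted version. "98.0" becomes (98, 0, 0)."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if match is None:
        return None
    return tuple(int(part or 0) for part in match.groups())


def patch_status(software_name, software_version):
    """Classify one inventory row against the fixed version for its channel."""
    lowered = software_name.lower()
    if "firefox" not in lowered:
        return "Not Firefox"
    channel = "esr" if "esr" in lowered else "release"
    parsed = parse_version(software_version)
    if parsed is None:
        # Betas or malformed strings need a manual look, not a guess.
        return "Unknown version"
    return "Up to date" if parsed >= FIXED[channel] else "Out of date"


# Constructed sample rows: (asset name, software name, software version).
SAMPLE_ROWS = [
    ("PC-01", "Mozilla Firefox (x64 en-US)", "97.0.2"),
    ("PC-02", "Mozilla Firefox (x64 en-US)", "97.0.1"),
    ("PC-03", "Mozilla Firefox (x64 en-US)", "98.0"),
    ("PC-04", "Mozilla Firefox ESR (x64 en-US)", "91.6.0"),
    ("PC-05", "Mozilla Firefox ESR (x64 en-US)", "91.6.1"),
    ("PC-06", "Mozilla Firefox (x64 en-US)", "98.0b3"),
]


def needs_attention(rows):
    """Return {asset: status} for every row that is not confirmed up to date."""
    statuses = {asset: patch_status(name, ver) for asset, name, ver in rows}
    return {a: s for a, s in statuses.items() if s != "Up to date"}


if __name__ == "__main__":
    for asset, status in needs_attention(SAMPLE_ROWS).items():
        print(f"{asset}: {status}")
```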

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action
